summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorMatthew Heon <mheon@redhat.com>2020-12-02 15:01:46 -0500
committerMatthew Heon <mheon@redhat.com>2020-12-04 13:49:56 -0500
commit95c45773d7dbca2880152de681c81f0a2afec99b (patch)
tree501d62aa9508c19ca5a7912648bded52419d3ace /pkg
parentce45b71dcfe7e5e0fd7ab43b9eeb4834317e6443 (diff)
downloadpodman-95c45773d7dbca2880152de681c81f0a2afec99b.tar.gz
podman-95c45773d7dbca2880152de681c81f0a2afec99b.tar.bz2
podman-95c45773d7dbca2880152de681c81f0a2afec99b.zip
Do not mount sysfs as rootless in more cases
We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch. Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/specgen/generate/oci.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 8454458a8..9649873fd 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -165,7 +165,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
inUserNS = true
}
}
- if inUserNS && s.NetNS.IsHost() {
+ if inUserNS && s.NetNS.NSMode != specgen.NoNetwork {
canMountSys = false
}